Search for “Installing Chrome” on Bing can lead to malicious content

At this point, the process of installing the most used browser in the world remains risky

A Twitter user was directed by Bing (the default search engine used by Microsoft Edge on Windows 10) to a fake website while trying to find a way to install Google Chrome on his new laptop.

The user, named Gabriel Landau, discovered that Bing was showing a search result directed to users who searched for the phrase “Download Chrome” linked to an unofficial site (called googleonline2018[.]com).

Digital forensics experts consider that, if he had been less cautious, Landau might have been deceived by malicious users to download undesirable code from this unauthorized site directly on his computer.

This is a highly probable scenario; in the search result promoted by Bing, the domain was listed as google.com, but the link actually led to anyone who clicked on it to a different domain.

Gabriel Landau posted about the incident in his Twitter account: “New Laptop with Windows 10. I almost fell into a trap trying to install Chrome. I need an explanation of Bing”, mentions the user in a tweet, attaching a video that shows the malicious link.

In the video, Landau downloads the fake Chrome installer (something little recommended for users without enough knowledge) and verifies that the signature of the software corresponds to a company called “Alpha Criteria” instead of Microsoft.

According to reports from experts in digital forensics, Microsoft responded to the incident by saying that it has eliminated malicious Bing ads, and that the account associated with this site has been deleted. Microsoft will also implement a webpage where users can report “low quality” ads (such as malvertising).

Of course, that doesn’t explain how this ad in Bing’s search results claimed to bring the user to the legitimate Chrome download site. Even worse, experts in digital forensics had reported incidents of that nature for six months, without the company ruling on it or eliminating this type of content from the search results of its browser.

In April, digital forensics specialist Lawrence Abrams described how the search for “Chrome download” in Bing resulted in an ad that seemed to redirect users to the official Chrome download page in the google.com domain, but actually carried them to the fake site googlechrome2018[.]net.

Although this ad was removed time after, the real problem is that these incidents keep happening.

Microsoft needs to implement more efficient measures to prevent these misleading and malicious ads from appearing in its browser’s search results. Cybersecurity and digital forensics experts from the International Institute of Cyber Security consider that the only thing left to do to users is to continue reporting this kind of content and wait for the company to take these reports seriously in the future.

Gabriel Landau asked the team in charge of Bing what measures they would take to address this situation, the company has not yet responded.